A support library for adding deployment automation in Travis.
So that Travis can automatically check out the travis submodule, add it using the https
address. Think of this as a read-only link to the travis repo.
From the root directory of the repo you're adding to travis:
git submodule add https://github.com/m-lab/travis.git
From the top level repo (that contains travis as a submodule):
mkdir keys
./travis/create_service_account_and_key.sh \
mlab-sandbox cloud-storage-deployer keys/mlab-sandbox.json
./travis/create_service_account_and_key.sh \
mlab-staging cloud-storage-deployer keys/mlab-staging.json
# NB: do not include "." in the resulting tar file.
pushd keys
tar --exclude='*.tar*' -cvf service-accounts.tar *.json
popd
cp ./travis/template-travis.yml .travis.yml
travis encrypt-file keys/service-accounts.tar --add
Update the .travis.yml template to match your repository and deployment needs.
Encryption keys may be overwritten by invoking travis encrypt-file more than once for the same repository.
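An added example, not part of the m-lab/travis repository: a check to run on the archive built above before encrypting it, confirming that it holds only top-level JSON service account key files and no "." entry. The function name check_sa_tar is hypothetical, and the content check assumes each key file carries the "type": "service_account" field found in downloaded Google Cloud service account keys.

```shell
#!/bin/sh
# Added example: check service-accounts.tar before running travis encrypt-file.
# check_sa_tar is a hypothetical helper name, not part of m-lab/travis.
# Usage: check_sa_tar keys/service-accounts.tar

# Returns 0 only if every archive member is a top-level *.json key file.
check_sa_tar() {
  tarfile=$1
  [ -f "$tarfile" ] || { echo "missing archive: $tarfile" >&2; return 1; }
  members=$(tar -tf "$tarfile") || return 1
  [ -n "$members" ] || { echo "empty archive: $tarfile" >&2; return 1; }
  status=0
  while IFS= read -r m; do
    case "$m" in
      .|*/*)
        # Archiving "." stores "./" and "./name" entries, which the NB
        # comment in the setup commands says must not be present.
        echo "unexpected path in archive: $m" >&2; status=1 ;;
      *.json)
        # Assumption: a service account key contains this JSON field.
        if ! tar -xOf "$tarfile" "$m" | grep -q '"type": *"service_account"'; then
          echo "not a service account key: $m" >&2; status=1
        fi ;;
      *)
        # Anything else (nested tar, stray notes) should not be shipped.
        echo "unexpected file in archive: $m" >&2; status=1 ;;
    esac
  done <<EOF
$members
EOF
  return "$status"
}
```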
In the event that the encryption keys are lost, there are a few steps that have to be taken to restore functionality.
- If the SA keys are available, skip to step 4.
- Create new service accounts, or new keys for the existing accounts, for mlab-sandbox and mlab-staging, and download the JSON key files.
- Update GCS ACLs, e.g.
gsutil acl ch -u \
legacy-rpm-writer@mlab-sandbox.iam.gserviceaccount.com:WRITE \
gs://legacy-rpms-mlab-sandbox
- Tar the SA keys: tar cf service-accounts.tar legacy-rpm-writer.mlab*
- Encrypt the tar file:
travis encrypt-file -f -p service-accounts.tar --repo m-lab/<repo-name>
Optionally, if you want to provide the keys for some other repos, copy the key and iv values into a command like:
travis encrypt-file -f -p service-accounts.tar --key \
AAA151324478927bbbbbbbbbcccccccccccccdddddddddd53223551235324324 \
--iv 632451671306d1842843a792250ce707 --repo gfr10598/ndt-support
- Copy the keys printed when you encrypted the tar file, and paste them in place of the three occurrences in the script commands below.
- Copy the encrypted tar file to the travis directory (where this script is located).
- Commit to an appropriate branch, generate PR, and send for review.